[jboss-user] [JBoss Portal] - Re: Declarative Security and Portlets
Please find my answers inline: 1) There is no role-based declarative security for portlets defined by portlet spec. Yes 2) For local portlets in JBoss Portal it is solved by securing portlet instances. Yes 3) For WSRP, JBoss Portal has no solution currently. Neither propagation of a User id, nor role based access control is solved. If we need something there, we should implement it ourselves. Yes View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=4022953#4022953 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=4022953 ___ jboss-user mailing list jboss-user@lists.jboss.org https://lists.jboss.org/mailman/listinfo/jboss-user
[jboss-user] [JBoss Portal] - Re: location URL to redirect to after signout
Basically that parameter has to be set in the PortletRequest and not in the HttpRequest. See menu.jsp fragment below: a id=logout href= | portlet:actionURL windowState=normal | portlet:param name=op value=userLogout/ | portlet:param name=locationURL value=/portal/portal/default/default/ | /portlet:actionURL | Logout and return to default page | /a The tag portlet:actionURL does the actual work. View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3987862#3987862 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3987862 ___ jboss-user mailing list jboss-user@lists.jboss.org https://lists.jboss.org/mailman/listinfo/jboss-user
[jboss-user] [JBossWS] - ws-security JBWS-638 - Design Notes
SecurityStore == Will no longer hold the keystore and truststore, rather will hold a reference to a JaasSecurityDomain Object. This will be used to lookup the security configuration and also to encode/decode. Since we want to make this keystore configuration available from jboss-wsse-server.xml also, we allow the user to Either specify the jaasSecurityDomain in wsse-server.xml Or Allow him to set the complete keystore properties as before. But this time the properties will be created as a JassSecurityDomain and stored as Object This way both the approach will use the same mechanism to use jaasSecurityDomain to cater to the security needs. What needs to be done: == 1. jboss-wsse-server.xml needs to be adjusted to provide a facility for a jaasSecurityDomain. 2. org.jboss.ws.wsse.SecurityStore will need to match the above logic to lookup JNDI and do the needful. 3. org.jboss.ws.wsse.WSSecurityDispatcher will create the SecurityStore differently using the jassSecurityDomain name or the keystore properties depending on the configuration. 4. org.jboss.ws.metadata.wsse.WSSecurityConfiguration needs to be changed to add the new jassSecurityDomain property. The only problem that I have is where and who will initialize the kestore configurations from jboss-wsse-server.xml as a jassSecurityDomain MBean? Will it be in SecurityStore? View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3963950#3963950 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3963950 ___ jboss-user mailing list jboss-user@lists.jboss.org https://lists.jboss.org/mailman/listinfo/jboss-user